#!/bin/bash

############ AUTO-REAVER CONFIGURATION #######################################
#### Additional Reaver options besides bssid, spoofed mac, session file, channel
# d [seconds] = delay (seconds) between PIN attempts
# g [num attempts] = Quit after num pin attempts (for 1 iteration of loop)
# T [seconds] = Set the M5/M7 timeout period [0.20]
# t = receive timeout
# l = lockdown delay (if WPS is blocked)
# N = do not send NACK's if packets are out of order
# S = Use small DH keys to improve crack speed
# x [seconds] = Fail wait in seconds (When 10 consecutive unexpected WPS errors are encountered)
# E = Terminate each WPS session with an EAP FAIL packet (for poor AP implementations)
# A = No associate (you must associate with another program) (WARNING: NO_AIREPLAY must be set to 0 for aireplay-ng associacion)
# vv is Enabled by default below, because script relies on Reaver response
# --win7 = Mimic Windows 7 registrar
# WARNING! You can't turn off -vv flag, because script is analyzing Reaver output

ADDITIONAL_OPTIONS="-g 1 -E -S -N -T 1 -t 20 -d 0 --win7";
# since (2014-07-12)
# minimum number of minutes between pin attempts per access point
# this option ensures you that AP won't be checked more often than MINUTES_WAIT_BETWEEN_PIN_ATTEMPTS minutes
# so if AP blocks WPS often, consider to use this option to prevent blocking
MINUTES_WAIT_BETWEEN_PIN_ATTEMPTS=1;
# Time in minutes during which AP is skipped inside loop because of reach "AP rate limit"
# Notice: "...was blocked less than {LIMIT_WAIT_MINUTES} minutes ago, skipping"
LIMIT_WAIT_MINUTES=15;
# sleep in seconds before another re-check of whole list (outer loop iteration)
# Notice: "Sleeping before another list re-check for {SLEEP_BEFORE_LIST_RECHECK} seconds"
SLEEP_BEFORE_LIST_RECHECK=60;

# Timeout in seconds during script waits for AP to show up in airodump, after that AP is considered offline
# Notice: "Wait {BSSID_ONLINE_TIMEOUT} seconds... scanning if XX:XX:XX:XX:XX:XX (XXXX) is online" 
# Notice: "If you use random channels for AP's increase this value, since hopping between channels takes long time"
BSSID_ONLINE_TIMEOUT=60;
# After this time of inactivity reaver will be killed, and started again with another AP.
# Setting INACTIVITY_TIMEOUT=0 will prevent activityCheckerScript to run.
INACTIVITY_TIMEOUT=120;
# sleep in seconds between checking different AP's (inner loop iteration)
# Notice: "Sleeping between AP's for {SLEEP_BETWEEN_APS}"
SLEEP_BETWEEN_APS=0;
# Delay in seconds between association requests (aireplay-ng fake auth -l option)
FAKE_AUTH_DELAY_SECONDS=60;


# (1 or 0) if set to 1 means that additional airodump-ng (monitoring access point behavior) isn't started
# set this to 0 if you wan't to see what's going on with AP (signal, beacons...etc)
NO_AIRODUMP=1;
# (1 or 0) if set to 1 means that additional aireplay-ng (doing fake-auth) isn't started
# set this to 0 if you encountered something like "[!] WARNING: Failed to associate with xx:xx:xx:xx:xx:xx (ESSID: yyyyy)"
NO_AIREPLAY=0;



# macchanger can be "ALL", "PER_LOOP", "ONCE" or ""
# "ALL" - changes mac address of your wifi card, for all access points in the loop
# "PER_LOOP" - changes mac address once per loop (every list re-check) 
# "ONCE" - changes mac address once at the beginning of the script
# "" - never changes mac adress (macchanger is off)
MACCHANGER_ON="ONCE";

# SPOOFED MAC (if you want to define your own spoofed mac for wifi card)
# If you leave this empty MAC will be randomly generated by perl below
SPOOFED_MAC=""; #"00:21:6B:B5:E5:22" /
# Reaver session files directory
REAVER_SESSION_DIR="/usr/local/etc/reaver";
# temporary directory for autoReaver script (containing some tmp files which are needed)
TMP_DIR="/tmp/autoReaver";
# dir with tmp files indicating, that BSSID reached limit of attempts, files are named just like reaver session files
# simply if MAC=AA:BB:CC:DD:EE:FF file name is AABBCCDDEEFF
# every file is checking if it was modified over last LIMIT_WAIT_MINUTES, 
# if it was.. that means AP reached rate limit and will be skipped during the loop
LIMIT_TMP_DIR="$TMP_DIR/APLimitBSSID";

# directory with last dates of pin checks (if pin was checked, date of check was putted into PIN_DATE_TMP_DIR/BSSID file)
# Better don't set this directory in /tmp/ because it's cleared after system restart, and you loose your pin dates
# which are required to calculate average time between PINs
PIN_DATE_TMP_DIR=$(pwd)"/ReaverLastPinDates";

# file containing list of cracked access points
# if something goes wrong with this file remember you can always recover PIN / Passphrase
# from /usr/local/etc/reaver/reaver.db
# or recover last checked pin from session file /usr/local/etc/reaver/{MAC}.wpc
CRACKED_LIST_FILE_PATH=$(pwd)"/AUTOREAVER_CRACKED_WPS_LIST";

####### Checking activity ####
# makeActivityChecker checks if file CHECK_ACTIVITY_FILE was modified before ($NOW - $INACTIVITY_TIMEOUT)
# then reaver process is killed due to inactivity (probably hanged up)
# CHECK_ACTIVITY_FILE is touched while AP responds with messsages such like: Received M1-M6
# If there was no mentioned output from Reaver in INACTIVITY_TIMEOUT period (seconds)
CHECK_ACTIVITY_FILE="$TMP_DIR/autoReaverLastActivity";


# You should modify this in case you have other interface like ath0 or something else
WIRELESS_INTERFACE="wlan0";

# Here you can define your own regexp which if matched - means that Reaver is active
# If you want to be restrictive, you could change this to "Received WSC NACK",
# which means that only rejecting PIN will be considered as activity.
# Sometimes Reaver outputs only "Received M1" and won't go further, then you should change this to "Received M3". 
# This value should depend on specific AP's behavior.
REAVER_ACTIVITY_PERL_REGEXP="Received M3";

######################## END OF CONFIGURATION #######################################################